Privacy Policy

Last updated: November 6, 2025

1. Introduction

MadFish AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered e-commerce intelligence platform.

By using MadFish AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you create an account
  • Billing Information: Payment card details and billing address (processed securely through our payment processor)
  • Business Data: E-commerce data you connect or upload, including sales data, customer information, product catalogs, and marketing metrics
  • Communications: Information you provide when you contact our support team or communicate with us
  • Usage Information: Questions you ask our AI, reports you generate, and preferences you set

2.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, and pages visited
  • Device Information: Device type, unique device identifiers, and mobile network information
  • Cookies: We use cookies and similar tracking technologies to track activity and store preferences
  • Analytics: Usage patterns, feature adoption, and performance metrics

2.3 Information from Integrated Services

When you connect third-party services (like BigCommerce, Google Analytics, or email marketing platforms), we access and process data from these services according to the permissions you grant.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI intelligence service
  • Process your queries and generate insights about your business
  • Train and improve our AI models (using anonymized and aggregated data only)
  • Send you service updates, security alerts, and support messages
  • Process payments and prevent fraud
  • Comply with legal obligations
  • Analyze usage patterns to improve our service
  • Provide customer support

4. Data Processing and AI

4.1 AI Processing

Your business data is processed by our AI system to provide insights and answer your questions. This processing happens in real-time and includes:

  • Natural language understanding of your queries
  • Analysis of your business data to generate responses
  • Pattern recognition to identify trends and opportunities
  • Generation of reports and visualizations

4.2 Data Isolation

Each customer's data is completely isolated. Your data is never mixed with other customers' data, and our AI models do not learn from your specific business data to improve responses for other customers.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information or business data. We may share information only in these circumstances:

  • Service Providers: With trusted third parties who help us operate our service (e.g., cloud hosting, payment processing)
  • Legal Requirements: If required by law or in response to valid legal process
  • Protection of Rights: To protect our rights, privacy, safety, or property
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
  • Consent: With your explicit consent

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • 256-bit encryption for data at rest and in transit
  • Secure data centers with physical access controls
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Regular backups and disaster recovery procedures
  • Employee training on data protection

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account Information: Retained while your account is active
  • Business Data: Retained according to your subscription plan terms
  • Backup Data: Retained for 30 days after deletion for recovery purposes
  • Legal Records: Retained as required by law or regulation

You can request deletion of your data at any time, subject to legal retention requirements.

8. Your Rights and Choices

8.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete information
  • Request deletion of your information
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Disable cookies in your browser

8.2 California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it.

8.3 European Privacy Rights

If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to object to processing.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Understand how you use our service
  • Improve our service performance

You can control cookies through your browser settings. Disabling cookies may limit some features of our service.

10. Children's Privacy

MadFish AI is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

12. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Data Processing Agreement (DPA)

For business customers who require a Data Processing Agreement for compliance with data protection regulations, we offer a standard DPA that covers:

  • Processing Details: Clear definition of data processing activities and purposes
  • Security Measures: Our technical and organizational security measures
  • Sub-processors: List of approved sub-processors we use (AWS, payment processors, etc.)
  • Data Subject Rights: Procedures for handling data subject requests
  • Breach Notification: Our commitment to notify you of any data breaches
  • Audit Rights: Your rights to audit our data protection practices
  • Data Return/Deletion: Procedures for data return or deletion upon termination

To request a DPA, please contact us at legal@madfishai.com with your company details. Enterprise customers may request customized DPAs as part of their subscription.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification for significant changes

Your continued use of our service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

MadFish AI
Email: privacy@madfishai.com
Address: [Your Company Address]

16. Data Protection Officer

For privacy-related inquiries, you can also contact our Data Protection Officer at: dpo@madfishai.com